Learning strikes again: The case of the DRS signature scheme

Lattice signature schemes generally require particular care when it comes to preventing secret information from leaking through signature transcript. For example, the Goldreich-Goldwasser-Halevi (GGH) signature scheme and the NTRUSign scheme were completely broken by the parallelepiped-learning attack of Nguyen and Regev (Eurocrypt 2006). Several heuristic countermeasures were also shown vulnerable to similar statistical attacks.At PKC 2008, Plantard, Susilo and Win proposed a new variant of GGH, informally arguing resistance to such attacks. Based on this variant, Plantard, Sipasseuth, Dumondelle and Susilo proposed a concrete signature scheme, called DRS, that has been accepted in the round 1 of the NIST post-quantum cryptography project.In this work, we propose yet another statistical attack and demonstrate a weakness of the DRS scheme: one can recover some partial information of the secret key from sufficiently many signatures. One difficulty is that, due to the DRS reduction algorithm, the relation between the statistical leak and the secret seems more intricate. We work around this difficulty by training a statistical model, using a few features that we designed according to a simple heuristic analysis.While we only recover partial information on the secret key, this information is easily exploited by lattice attacks, significantly decreasing their complexity. Concretely, we claim that, provided that signatures are available, the secret key may be recovered using BKZ-138 for the first set of DRS parameters submitted to the NIST. This puts the security level of this parameter set below 80-bits (maybe even 70-bits), to be compared to an original claim of 128-bits.</p

On the statistical leak of the GGH13 multilinear map and some variants

At EUROCRYPT 2013, Garg, Gentry and Halevi proposed a candidate construction (later referred as GGH13) of cryptographic multilinear map (MMap). Despite weaknesses uncovered by Hu and Jia (EUROCRYPT 2016), this candidate is still used for designing obfuscators.The naive version of the GGH13 scheme was deemed susceptible to averaging attacks, i.e., it could suffer from a statistical leak (yet no precise attack was described). A variant was therefore devised, but it remains heuristic. Recently, to obtain MMaps with low noise and modulus, two variants of this countermeasure were developed by Döttling et al. (EPRINT:2016/599).In this work, we propose a systematic study of this statistical leakage for all these GGH13 variants. In particular, we confirm the weakness of the naive version o

Polar extracts from (Tunisian) Acacia salicina Lindl. Study of the antimicrobial and antigenotoxic activities

<p>Abstract</p> <p>Background</p> <p>Methanolic, aqueous and Total Oligomer Flavonoids (TOF)-enriched extracts obtained from the leaves of <it>Acacia salicina </it>'Lindl.' were investigated for antibacterial, antimutagenic and antioxidant activities.</p> <p>Methods</p> <p>The antimicrobial activity was tested on the Gram positive and Gram negative reference bacterial strains. The Mutagenic and antimutagenic activities against direct acting mutagens, methylmethane sulfonate (MMS) and 4-nitro-o-phenylenediamine (NOPD), and indirect acting mutagens, 2-aminoanthracene (2-AA) and benzo[a]pyrene (B(a)P) were performed with <it>S. typhimurium </it>TA102 and TA98 assay systems. In addition, the enzymatic and nonenzymatic methods were employed to evaluate the anti-oxidative effects of the tested extracts.</p> <p>Results</p> <p>A significant effect against the Gram positive and Gram negative reference bacterial strains was observed with all the extracts. The mutagenic and antimutagenic studies revealed that all the extracts decreased the mutagenicity induced by B(a)P (7.5 μg/plate), 2-AA (5 μg/plate), MMS (1.3 mg/plate) and NOPD (10 μg/plate). Likewise, all the extracts showed an important free radical scavenging activity towards the superoxide anion generated by the xanthine/xanthine oxidase assay system, as well as high Trolox Equivalent Antioxidant Capacity (TEAC), against the 2,2'-azino-bis(3-ethylbenzothiazoline-6-sulfonic acid) diammonium salt (ABTS)⁺• radical. TOF-enriched extract exhibited the highest protective effect against free radicals, direct acting-mutagen and metabolically activated S9-dependent mutagens.</p> <p>Conclusions</p> <p>The present study indicates that the extracts from <it>A. salicina </it>leaves are a significant source of compounds with the antimutagenic and antioxidant activities, and this may be useful for developing potential chemopreventive substances.</p

Exome Sequencing Implicates Impaired GABA Signaling and Neuronal Ion Transport in Trigeminal Neuralgia

Trigeminal neuralgia (TN) is a common, debilitating neuropathic face pain syndrome often resistant to therapy. The familial clustering of TN cases suggests that genetic factors play a role in disease pathogenesis. However, no unbiased, large-scale genomic study of TN has been performed to date. Analysis of 290 whole exome-sequenced TN probands, including 20 multiplex kindreds and 70 parent-offspring trios, revealed enrichment of rare, damaging variants in GABA receptor-binding genes in cases. Mice engineered with a TN-associated de novo mutation (p.Cys188Trp) in the GABAA receptor Cl− channel γ-1 subunit (GABRG1) exhibited trigeminal mechanical allodynia and face pain behavior. Other TN probands harbored rare damaging variants in Na+ and Ca+ channels, including a significant variant burden in the α-1H subunit of the voltage-gated Ca2+ channel Cav3.2 (CACNA1H). These results provide exome-level insight into TN and implicate genetically encoded impairment of GABA signaling and neuronal ion transport in TN pathogenesis

Performance of CMS muon reconstruction in pp collision events at sqrt(s) = 7 TeV

The performance of muon reconstruction, identification, and triggering in CMS has been studied using 40 inverse picobarns of data collected in pp collisions at sqrt(s) = 7 TeV at the LHC in 2010. A few benchmark sets of selection criteria covering a wide range of physics analysis needs have been examined. For all considered selections, the efficiency to reconstruct and identify a muon with a transverse momentum pT larger than a few GeV is above 95% over the whole region of pseudorapidity covered by the CMS muon system, abs(eta) < 2.4, while the probability to misidentify a hadron as a muon is well below 1%. The efficiency to trigger on single muons with pT above a few GeV is higher than 90% over the full eta range, and typically substantially better. The overall momentum scale is measured to a precision of 0.2% with muons from Z decays. The transverse momentum resolution varies from 1% to 6% depending on pseudorapidity for muons with pT below 100 GeV and, using cosmic rays, it is shown to be better than 10% in the central region up to pT = 1 TeV. Observed distributions of all quantities are well reproduced by the Monte Carlo simulation.Comment: Replaced with published version. Added journal reference and DO

Performance of CMS muon reconstruction in pp collision events at sqrt(s) = 7 TeV

The performance of muon reconstruction, identification, and triggering in CMS has been studied using 40 inverse picobarns of data collected in pp collisions at sqrt(s) = 7 TeV at the LHC in 2010. A few benchmark sets of selection criteria covering a wide range of physics analysis needs have been examined. For all considered selections, the efficiency to reconstruct and identify a muon with a transverse momentum pT larger than a few GeV is above 95% over the whole region of pseudorapidity covered by the CMS muon system, abs(eta) < 2.4, while the probability to misidentify a hadron as a muon is well below 1%. The efficiency to trigger on single muons with pT above a few GeV is higher than 90% over the full eta range, and typically substantially better. The overall momentum scale is measured to a precision of 0.2% with muons from Z decays. The transverse momentum resolution varies from 1% to 6% depending on pseudorapidity for muons with pT below 100 GeV and, using cosmic rays, it is shown to be better than 10% in the central region up to pT = 1 TeV. Observed distributions of all quantities are well reproduced by the Monte Carlo simulation.Comment: Replaced with published version. Added journal reference and DO

X-ray emission from the Sombrero galaxy: discrete sources

We present a study of discrete X-ray sources in and around the bulge-dominated, massive Sa galaxy, Sombrero (M104), based on new and archival Chandra observations with a total exposure of ~200 ks. With a detection limit of L_X = 1E37 erg/s and a field of view covering a galactocentric radius of ~30 kpc (11.5 arcminute), 383 sources are detected. Cross-correlation with Spitler et al.'s catalogue of Sombrero globular clusters (GCs) identified from HST/ACS observations reveals 41 X-rays sources in GCs, presumably low-mass X-ray binaries (LMXBs). We quantify the differential luminosity functions (LFs) for both the detected GC and field LMXBs, whose power-low indices (~1.1 for the GC-LF and ~1.6 for field-LF) are consistent with previous studies for elliptical galaxies. With precise sky positions of the GCs without a detected X-ray source, we further quantify, through a fluctuation analysis, the GC LF at fainter luminosities down to 1E35 erg/s. The derived index rules out a faint-end slope flatter than 1.1 at a 2 sigma significance, contrary to recent findings in several elliptical galaxies and the bulge of M31. On the other hand, the 2-6 keV unresolved emission places a tight constraint on the field LF, implying a flattened index of ~1.0 below 1E37 erg/s. We also detect 101 sources in the halo of Sombrero. The presence of these sources cannot be interpreted as galactic LMXBs whose spatial distribution empirically follows the starlight. Their number is also higher than the expected number of cosmic AGNs (52+/-11 [1 sigma]) whose surface density is constrained by deep X-ray surveys. We suggest that either the cosmic X-ray background is unusually high in the direction of Sombrero, or a distinct population of X-ray sources is present in the halo of Sombrero.Comment: 11 figures, 5 tables, ApJ in pres

Performance of the CMS Cathode Strip Chambers with Cosmic Rays

The Cathode Strip Chambers (CSCs) constitute the primary muon tracking device in the CMS endcaps. Their performance has been evaluated using data taken during a cosmic ray run in fall 2008. Measured noise levels are low, with the number of noisy channels well below 1%. Coordinate resolution was measured for all types of chambers, and fall in the range 47 microns to 243 microns. The efficiencies for local charged track triggers, for hit and for segments reconstruction were measured, and are above 99%. The timing resolution per layer is approximately 5 ns

A Discontinuous RNA Platform Mediates RNA Virus Replication: Building an Integrated Model for RNA–based Regulation of Viral Processes

Plus-strand RNA viruses contain RNA elements within their genomes that mediate a variety of fundamental viral processes. The traditional view of these elements is that of local RNA structures. This perspective, however, is changing due to increasing discoveries of functional viral RNA elements that are formed by long-range RNA–RNA interactions, often spanning thousands of nucleotides. The plus-strand RNA genomes of tombusviruses exemplify this concept by possessing different long-range RNA–RNA interactions that regulate both viral translation and transcription. Here we report that a third fundamental tombusvirus process, viral genome replication, requires a long-range RNA–based interaction spanning ∼3000 nts. In vivo and in vitro analyses suggest that the discontinuous RNA platform formed by the interaction facilitates efficient assembly of the viral RNA replicase. This finding has allowed us to build an integrated model for the role of global RNA structure in regulating the reproduction of a eukaryotic RNA virus, and the insights gained have extended our understanding of the multifunctional nature of viral RNA genomes